Reporter notebook: SCADA security, Oracle vulnerability, SQL Slammer
This article is part of the June 2012 issue of Information Security magazine
Journalists accumulate piles of notebooks filled mostly with a lot of innocuous stuff. Most of it never makes it to print or online. Unless of course you have to write a column and don’t have one thing you want to write about and just want to do what’s affectionately known as a notebook dump in journalism circles. Enjoy.
SCADA security: Pipelines under attack
Earlier this year, I was lucky enough to get a dose of reality regarding SCADA security -- or SCADA insecurity as the case may be. At the Kaspersky Security Analyst Summit 2012, Terry McCorkle, a researcher who has a day job with a major U.S. manufacturer, talked about a project he and fellow researcher Billy Rios took on examining the reachability of Human Machine Interfaces (HMI) online. HMI translates SCADA data into a visual representation of an industrial system, essentially building a flowchart of industrial processes. McCorkle and Rios found 95 easily exploitable vulnerabilities on these Windows-based interfaces living online. Attackers exploiting these ...
Features in this issue
Businesses and government agencies work to improve sharing of cyberthreat information.
Capabilities such as encryption and DLP can be complicated in the cloud.
SIMs aren’t just for network monitoring anymore.
Legislation designed to provide the federal government with threat data from the private sector gains steam.
Columns in this issue
Reflections on the ICS CERT alert, Oracle’s handling of a zero-day and more.
Security expert Marcus Ranum talks with Brian Chess, formerly of HP, about coding practices and security.
Enterprises need an agile risk management strategy to deal with today’s evolving threats.